CVE-2006-1731

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2006-1731
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2006-1731.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2006-1731
Downstream
Published
2006-04-14T10:02:00Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

References

Affected packages